zezere: role/playbook to deploy Zezere

Zezere is the Fedora IoT device provisioning service.  It is the
software that runs *provision.fedoraproject.org*, but it can be
self-hosted (if you can figure it out; there is no documentation
whatsoever).

The main use case for running Zezere locally is to automatically add
trusted SSH public keys to Fedora IoT devices, without depending on a
cloud service.  This playbook sets up Zezere with the very minimal
configuration needed to meet this goal.

roles/zezere/tasks/main.yml

@@ -0,0 +1,82 @@
+- name: ensure zezere is installed
+  package:
+    name: '{{ zezere_packages }}'
+    state: present
+  register: install_zezere
+  tags:
+  - install
+
+- name: ensure zezere group is present
+  group:
+    name: zezere
+    system: true
+    state: present
+  tags:
+  - user
+  - group
+- name: ensure zezere user is present
+  user:
+    name: zezere
+    group: zezere
+    system: true
+    shell: /sbin/nologin
+    home: /var/lib/zezere
+    createhome: false
+    state: present
+  tags:
+  - user
+
+- name: ensure zezere data directory exists
+  file:
+    path: /var/lib/zezere
+    owner: zezere
+    group: zezere
+    mode: '0700'
+    state: directory
+  tags:
+  - datadir
+- name: ensure zezere data directory selinux label is set
+  sefcontext:
+    path: /var/lib/zezere(/.*)?
+    setype: httpd_var_lib_t
+    state: present
+  notify: relabel zezere data directory
+  tags:
+  - datadir
+  - selinux
+
+- name: ensure zezere is configured
+  template:
+    src: zezere.conf.j2
+    dest: /etc/zezere.conf
+    mode: '0640'
+    owner: root
+    group: zezere
+  notify:
+  - reload httpd
+  tags:
+  - config
+
+- name: run zezere database migrations
+  become: true
+  become_user: zezere
+  command:
+    zezere-manage migrate
+  when: >-
+    zezere_migrate|d|bool or
+    install_zezere is defined and install_zezere.changed
+  tags:
+  - migration
+
+- name: ensure zezere wsgi script is installed
+  copy:
+    src: zezere.wsgi
+    dest: /usr/local/share/zezere.wsgi
+  notify: reload httpd
+- name: ensure apache is configured to serve zezere
+  copy:
+    src: zezere.httpd.conf
+    dest: /etc/httpd/conf.d/zezere.conf
+  notify: reload httpd
+  tags:
+  - apache-config